Hello!
What is the best Security Provider for an Online Data Source (or any Data Source)?
It says here that "By using your own passphrase with any of the Advanced Data Sources, you ensure that nobody can read your session, even when people have a direct access to your database(s) or even a backup. You should always use this when you use SQL Azure or Remote Desktop Manager Online."
There is no security provider called "own passphrase", do you mean "Shared Passphrase"?
If so, is it more secure to use a "Shared Passphrase" for encryption than a certificate?
I have tried to use a certificate as a "Security Provider" and a local SQL Database as a Data Source, and to test the security I created two users in RDM: User1 is an administrator and User2 has read-only permission to some (but not all) folders.
When I logged in directly to the SQL Server as User1 (the administrator) using SQL Management Studio, I noticed that almost nothing is encrypted in the database, that almost everything (except the “Data” column, which seems to be encrypted) is stored in plain text, and that all columns have easily understandable names (i.e. it is not hard to guess what is stored in each column). I could also alter relationships in the SQL Database as I pleased; for example, I could change which security group a folder belonged to, and that was also reflected in RDM with no errors.
When I logged in directly to the SQL Server as User2 (the read-only user) using SQL Management Studio, I noticed that I could read everything in the database (except the “Data” column, which seems to be encrypted) and I could even read information stored in folders that I could not see in RDM! For example, I could read all users' username, password (although encrypted or hashed) and password salt, and whether they were an administrator or not. Since the password, although encrypted (or hashed), and also the password salt and the information about who is an administrator are accessible to the read-only user, it should not be that hard to decrypt the password and log in as an administrator in RDM.
This does not feel very secure at all!
Is this the normal and expected behavior, or is there a bug in the version I am using?
I am using Remote Desktop Manager v. 10.1.9.0.
Does a "Shared Passphrase" encrypt the whole Data Source so it is impossible (or at least more difficult) to read or alter the data in the Data Source if you connect directly to the RDM Database with SQL Management Studio (or other tool), or is there a better way to prevent this type of attack (i.e. prevent read access to the entire data source for a limited read only user)?
Hello,
Yes, own passphrase means to use the Shared Passphrase. Certificate encryption involves many more steps and ideally you would use your own certification authority, distribute the root certificate on all your machines, then create certificates for encryption that you would distribute on all of your machines as well.
The only data that will be encrypted is that Data column because it is in fact the whole content of the entries. The rest should not contain sensitive data.
In no client/server application is it deemed a best practice to allow access directly to the database. We do grant/deny table-level permissions to prevent a malicious user from damaging the system, but it's always best if users do not have access to the database. Just knowing the list of usernames in the system would allow for brute-force dictionary attacks directly on the DB.
The most secure option are
That being said, I would say that 80% of our community is using integrated security against SQL Server. For those that must be compliant with some certification we do have many options and settings to make the system as secure as you require.
We plan to write a white paper on securing RDM, hopefully we'll have time to do this in the near future.
Best regards,
Maurice
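The direct-access test from the first post can be repeated as a permissions audit, to see which grants and denies actually apply to a limited account. This T-SQL is an added example, not part of the original posts and not Devolutions code; it assumes the RDM user "User2" maps to a database user of the same name and that it is run in the data source database by a member of db_owner.

```sql
-- Added example. N'User2' is the read-only account from the thread
-- (assumption: the database user has the same name as the RDM user).

-- 1) Explicit GRANT/DENY rows on tables and columns for the user,
--    for every role it is a member of, and for the implicit public role.
SELECT  pr.name                         AS grantee,
        dp.state_desc                   AS state,   -- GRANT or DENY
        dp.permission_name,
        OBJECT_SCHEMA_NAME(dp.major_id) AS schema_name,
        OBJECT_NAME(dp.major_id)        AS object_name
FROM    sys.database_permissions AS dp
JOIN    sys.database_principals  AS pr
        ON pr.principal_id = dp.grantee_principal_id
WHERE   dp.class = 1                    -- class 1 = object or column
  AND  (pr.name IN (N'User2', N'public')
        OR pr.principal_id IN (
              SELECT rm.role_principal_id
              FROM   sys.database_role_members AS rm
              JOIN   sys.database_principals  AS m
                     ON m.principal_id = rm.member_principal_id
              WHERE  m.name = N'User2'))
ORDER BY schema_name, object_name, dp.permission_name;

-- 2) Effective SELECT permission per column, evaluated as the user.
--    Under impersonation the catalog views only list objects the user
--    holds some permission on, so a table missing from the result is
--    not reachable by that user at all.
EXECUTE AS USER = N'User2';

SELECT  s.name AS schema_name,
        t.name AS table_name,
        c.name AS column_name,
        HAS_PERMS_BY_NAME(QUOTENAME(s.name) + N'.' + QUOTENAME(t.name),
                          N'OBJECT', N'SELECT',
                          c.name, N'COLUMN') AS can_select   -- 1 = readable
FROM    sys.tables  AS t
JOIN    sys.schemas AS s ON s.schema_id = t.schema_id
JOIN    sys.columns AS c ON c.object_id = t.object_id
ORDER BY s.name, t.name, c.column_id;

REVERT;  -- return to the auditing login's own security context
```

Any row with can_select = 1 on a column holding usernames, password hashes or salts is data that account can read without going through the RDM client.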
Hello!
A good white paper on securing RDM is extremely important and I am quite surprised to hear that you do not have one already considering your product has been on the market for several years and you are on version number 10!
This is definitely something you should address ASAP since it is extremely important that the very sensitive data stored in any datasource for RDM is properly secured and you should really take the time at once!
But, since you do not have a white paper then perhaps you can supply answers to the following questions?
How do I deny direct access to the database when using SQL server as the datasource? A user is automatically given read access to the database when you create a user with RDM! Is it possible to restrict access in SQL Server so that some users can only access the database by using the RDM client?
Which datasources can be “Locked” and can you provide an example of how to “Lock” those datasources?
We do not have SQL Server Enterprise Edition (far too expensive for us), but it is possible to implement column-level encryption using symmetric keys, asymmetric keys, and a passphrase in all editions of SQL Server (including the free Express edition) from version 2008 and above (see http://www.databasejournal.com/features/mssql/granular-or-cell-level-encryption-in-sql-server.html for an example of how to use it). Is it possible to use this together with RDM to encrypt other important columns like Name (username), SecurityGroup, CustomSecurity, etc.? If not, is this something that you can implement in the next version of RDM?